Virus - Trojan ou je ne sais quoi que je ne trouve pas :(

Je me permet de faire un petit up.

Je sais que j'ai mis pas mal de texte et que ca peut être chiant à lire mais je pensais que c'était mieux d'expliquer le pourquoi du comment.

Si vous avez pas le temps pour tout lire, au moins une petite aide pour décrypter le log HiJack ?

Bonjour,

[#ff0000]Désactive tes protections résidentes (antivirus, Spybot...) ![/#f]

Télécharge Combofix ([#ff0000]sUBs[/#f]) sur ton Bureau.

Double clique sur combofix.exe afin de le lancer.

Tape sur la touche 1 (Yes) pour démarrer le scan.

Lorsque le scan sera complété, un rapport apparaîtra. Poste ce rapport dans ta prochaine réponse.

Merci pour la réponse,

Voilà le rapport :

ComboFix 08-03-14.4 - Gium 2008-03-17 13:38:37.1 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1522 [GMT 1:00]
Endroit: C:\Documents and Settings\Gium\Bureau\ComboFix.exe
* Création d'un nouveau point de restauration

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

(((((((((((((((((((((((((((((((((((( Autres suppressions ))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\#SharedObjects\W8F8LT83\www.broadcaster.com
C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com
C:\Documents and Settings\Gium\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#www.broadcaster.com\settings.sol
C:\Documents and Settings\Gium\ravmonlog
C:\setup.exe
C:\WINDOWS\system32\Packet.dll
C:\WINDOWS\system32\wpcap.dll

.
((((((((((((((((((((((((((((( Fichiers créés 2008-02-17 to 2008-03-17 ))))))))))))))))))))))))))))))))))))
.

2008-03-16 13:58 . 2008-03-16 13:58 <REP> d-------- C:\538c2bd377e3ae88732daf3e
2008-03-16 13:48 . 2008-03-16 13:48 <REP> d-------- C:\WINDOWS\LastGood
2008-03-16 13:15 . 2005-10-09 21:14 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Documents and Settings\Gium\.housecall6.6
2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-03-12 08:02 . 2008-03-12 08:02 <REP> d--hs---- C:\FOUND.006
2008-03-09 20:26 . 2008-03-09 20:26 1 --a------ C:\WINDOWS\system32\SI.bin
2008-03-01 12:33 . 2008-03-01 12:33 <REP> d--hs---- C:\FOUND.005
2008-02-27 22:14 . 2008-02-27 22:14 58,652 --a------ C:\Program Files\AMVapp-uninst.exe
2008-02-24 19:14 . 2008-02-24 19:14 <REP> d-------- C:\Program Files\Morgan
2008-02-24 19:14 . 2008-02-24 19:14 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
2008-02-22 19:19 . 2008-03-12 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 19:19 . 2008-02-22 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 16:10 . 2008-02-21 16:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2008-02-21 15:56 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-02-21 15:56 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-02-21 15:46 . 2008-02-21 15:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-21 15:41 . 2008-02-21 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-19 10:45 . 2008-02-19 10:45 <REP> d-------- C:\Documents and Settings\Gium\Application Data\MAGIX
2008-02-18 13:07 . 2008-02-18 13:07 <REP> d-------- C:\Program Files\ffdshow
2008-02-18 13:07 . 2008-02-27 22:14 35,365 --a------ C:\WINDOWS\system32\uninstHelixYUV.exe
2008-02-18 13:06 . 2008-02-18 13:06 275 --a------ C:\Disque local (D) (2).lnk
2008-02-18 13:01 . 2008-02-18 13:01 <REP> d-------- C:\Program Files\AMVapp
2008-02-17 20:26 . 2008-02-17 20:32 52 --a------ C:\WINDOWS\VideodeLuxe.INI
2008-02-17 20:02 . 2003-04-18 16:29 44,544 --a------ C:\WINDOWS\system32\msxml4a.dll
2008-02-17 20:01 . 2001-05-11 13:18 420,240 --a------ C:\WINDOWS\system32\mpg4c32.dll
2008-02-17 20:01 . 2001-05-16 17:54 309,616 --a------ C:\WINDOWS\system32\wmv8dmod.dll
2008-02-17 20:01 . 2001-03-26 04:41 245,760 --a------ C:\WINDOWS\system32\mp4sds32.ax
2008-02-17 19:59 . 2008-02-17 19:59 <REP> d-------- C:\Program Files\Fichiers communs\MAGIX Shared
2008-02-17 19:53 . 2008-02-17 19:53 <REP> d-------- C:\WINDOWS\system32\MAGIX
2008-02-17 19:53 . 2002-09-21 00:33 1,089,536 --a------ C:\WINDOWS\system32\ROBOEX32.DLL
2008-02-17 19:53 . 1998-10-15 17:28 85,504 --a------ C:\WINDOWS\system32\HtmlWH.dll
2008-02-17 19:53 . 1999-01-28 14:44 49,152 --a------ C:\WINDOWS\system32\INETWH32.dll
2008-02-17 19:52 . 2005-07-13 14:04 446,464 --a------ C:\WINDOWS\system32\mgxoschk.dll
2008-02-17 19:52 . 2005-06-10 11:38 1,287 --a------ C:\WINDOWS\mgxoschk.ini
2008-02-17 13:23 . 2008-02-17 13:23 <REP> d-------- C:\Documents and Settings\All Users\Bureau

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 19:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 09:54 102,400 ----a-w C:\WINDOWS\DUMP82dc.tmp
2008-02-16 21:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
2008-02-16 20:17 --------- d-----w C:\Program Files\MSBuild
2008-02-16 20:17 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 20:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 20:12 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-16 17:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
2008-02-16 17:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2008-02-14 12:36 102,400 ----a-w C:\WINDOWS\DUMP96a3.tmp
2008-02-10 13:47 102,400 ----a-w C:\WINDOWS\DUMP8193.tmp
2008-02-06 19:40 --------- d-----w C:\Documents and Settings\Gium\Application Data\InstallShield
2008-01-26 10:39 --------- d-----w C:\Documents and Settings\Gium\Application Data\.purple
2008-01-25 23:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-01-25 19:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-20 15:36 --------- d-----w C:\Program Files\Common Files
2008-01-09 18:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-24 09:46 21,552 ----a-w C:\WINDOWS\inf\usbstor.sys
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
.

((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot S&D\TeaTimer.exe" [2005-05-31 01:04 1415824]
"DAEMON Tools"="D:\Divers\deamon tools\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe]
"iTunesHelper"="D:\LecteurMP3\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 14:00 79224]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"CTPCMCIASBUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe" [2005-09-05 11:24 147456]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"CTHelper"="CTHELPER.EXE" [2005-12-08 05:06 16384 C:\WINDOWS\CTHELPER.EXE]
"HControl"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\Gium\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-07-12 15:37:26 32768]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinChk"= {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll [2008-03-11 23:55 18702]
"zip"= {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll [2008-03-11 23:55 23322]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"D:\\LecteurMP3\\iTunes\\iTunes.exe"=
"D:\\Kraland\\mIRC\\mirc.exe"=
"D:\\P2P\\Azureus\\Azureus.exe"=
"D:\\Jeux\\Blobby volley\\volley.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15858:TCP"= 15858:TCP:NortonAV
"17461:TCP"= 17461:TCP:NortonAV
"16841:TCP"= 16841:TCP:NortonAV

S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Gium\LOCALS~1\Temp\cdrmkaun.sys [2004-02-07 21:07]
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 PEEK5;PEEK5 Protocol Driver;D:\ADSL\Aircrack\AIRCRA~1.1\bin\PEEK5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5c8d20-575e-11db-9799-0013023ce91f}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcaad08-bee3-11dc-9a2c-0013023ce91f}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72dc21e-6e69-11db-9812-0013023ce91f}]
\Shell\AutoRun\command - F:\LaunchU3.exe

*Newly Created Service* - EVERESTDRIVER
*Newly Created Service* - SANDRA
*Newly Created Service* - SANDRATHESRV
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-17 13:41:28
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-17 13:41:56
ComboFix-quarantined-files.txt 2008-03-17 12:41:56

Reposte un rapport Hijackthis.

Encore une fois merci, le voici :

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:26:05, on 17/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\Program Files\ASUS\ASUS Live Update\ALU.exe
C:\WINDOWS\sm56hlpr.exe
D:\LecteurMP3\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SMSC\Seticon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\Hcontrol.exe
C:\WINDOWS\system32\ctfmon.exe
D:\Divers\deamon tools\DAEMON Tools\daemon.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\ATKOSD.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Spybot S&D\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\LecteurMP3\winamp\winamp.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
D:\Divers\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
O21 - SSODL: WinChk - {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 10517 bytes

Ton pc se comporte mieux ?

Désinstalle correctement Avast! pour le remplacer par AntiVir.
Pourquoi changer ? Avast! vs AntiVir

Fais un scan complet puis poste le rapport en fin d'analyse.
AIDE : Tutorial sur l'antivirus AntiVir Personal Edition Classic

Bonjour, et merci !

Mon PC a l'air de mieux se comporter (mais je l'ai utiliser que deux heures, j'ai pas eu masse de temps hier). J'ai cependant suivi les instructions et installer AntiVir.
Cependant, Spybot, au démarage, me demande d'autoriser une série de modification au registre. Et ca à chaque démarage, comme si ma réponse n'était pas prise en compte ... Une idée ? Je pense que ca bien de la désinstallation d'avast pour mettre AntiVir.

J'ai fait un scan complet en mode sans échec comme conseillé sur le tuto.

Voilà le rapport :



AntiVir PersonalEdition Classic
Report file date: mardi 18 mars 2008 22:45

Scanning for 1157825 virus strains and unwanted programs.

Licensed to: Avira AntiVir PersonalEdition Classic
Serial number: 0000149996-ADJIE-0001
Platform: Windows XP
Windows version: (Service Pack 2) [5.1.2600]
Username: Administrateur
Computer name: TRIGIUM

Version information:
BUILD.DAT : 270 15603 Bytes 19/09/2007 13:32:00
AVSCAN.EXE : 7.0.6.1 290856 Bytes 23/08/2007 13:16:30
AVSCAN.DLL : 7.0.6.0 49192 Bytes 16/08/2007 12:23:52
LUKE.DLL : 7.0.5.3 147496 Bytes 14/08/2007 15:32:48
LUKERES.DLL : 7.0.6.1 10280 Bytes 21/08/2007 12:35:22
ANTIVIR0.VDF : 6.40.0.0 11030528 Bytes 18/07/2007 14:27:16
ANTIVIR1.VDF : 7.0.3.2 5447168 Bytes 07/03/2008 21:35:00
ANTIVIR2.VDF : 7.0.3.3 2048 Bytes 07/03/2008 21:35:00
ANTIVIR3.VDF : 7.0.3.49 297472 Bytes 18/03/2008 21:35:00
AVEWIN32.DLL : 7.6.0.75 3334656 Bytes 18/03/2008 21:35:00
AVWINLL.DLL : 1.0.0.7 14376 Bytes 26/02/2007 10:36:28
AVPREF.DLL : 7.0.2.2 25640 Bytes 18/07/2007 07:39:18
AVREP.DLL : 7.0.0.1 155688 Bytes 16/04/2007 13:16:24
AVPACK32.DLL : 7.6.0.3 360488 Bytes 18/03/2008 21:35:00
AVREG.DLL : 7.0.1.6 30760 Bytes 18/07/2007 07:17:08
AVARKT.DLL : 1.0.0.20 278568 Bytes 28/08/2007 12:26:34
AVEVTLOG.DLL : 7.0.0.20 86056 Bytes 18/07/2007 07:10:20
NETNT.DLL : 7.0.0.0 7720 Bytes 08/03/2007 11:09:44
RCIMAGE.DLL : 7.0.1.30 2342952 Bytes 07/08/2007 12:38:14
RCTEXT.DLL : 7.0.62.0 86056 Bytes 21/08/2007 12:50:38
SQLITE3.DLL : 3.3.17.1 339968 Bytes 23/07/2007 09:37:22

Configuration settings for the scan:
Jobname..........................: Local Hard Disks
Configuration file...............: c:\program files\avira\antivir personaledition classic\alldiscs.avp
Logging..........................: low
Primary action...................: interactive
Secondary action.................: ignore
Scan master boot sector..........: off
Scan boot sector.................: on
Boot sectors.....................: D:,
Scan memory......................: on
Process scan.....................: on
Scan registry....................: on
Search for rootkits..............: off
Scan all files...................: Intelligent file selection
Scan archives....................: on
Recursion depth..................: 20
Smart extensions.................: on
Macro heuristic..................: on
File heuristic...................: medium

Start of the scan: mardi 18 mars 2008 22:45

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned
11 processes with 11 modules were scanned

Start scanning boot sectors:
Boot sector 'C:\'
[NOTE] No virus was found!
Boot sector 'D:\'
[NOTE] No virus was found!

Starting to scan the registry.
The registry was scanned ( '52' files ).


Starting the file scan:

Begin scan in 'C:\'
C:\pagefile.sys
[WARNING] The file could not be opened!
C:\WINDOWS\system32\drivers\sptd.sys
[WARNING] The file could not be opened!
C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '484e4136.qua'!
C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '48504137.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066727.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '48104b42.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066728.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '496d2053.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066729.exe
[DETECTION] Is the Trojan horse TR/Agent.fwi
[INFO] The file was moved to '48104b43.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP352\A0066730.exe
[DETECTION] Is the Trojan horse TR/Drop.Agent.TPH
[INFO] The file was moved to '496d2054.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP356\A0068027.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '48104b73.qua'!
C:\System Volume Information\_restore{1D4F6CB4-763C-480D-8AAC-01A9870D6924}\RP356\A0068028.dll
[DETECTION] Is the Trojan horse TR/Shell.Eviell
[INFO] The file was moved to '496d2064.qua'!
Begin scan in 'D:\'


End of the scan: mercredi 19 mars 2008 02:38
Used time: 3:53:21 min

The scan has been done completely.

12652 Scanning directories
402995 Files were scanned
8 viruses and/or unwanted programs were found
0 Files were classified as suspicious:
0 files were deleted
0 files were repaired
8 files were moved to quarantine
0 files were renamed
2 Files cannot be scanned
402987 Files not concerned
7936 Archives were scanned
2 Warnings
7 Notes

Reposte un rapport Hijackthis.

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 17:27:02, on 19/03/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
Le voilà :

(Paranthèse : Y-a-t-il un topic pour comprendre la succession de scan et l'utilité de chacun et leur fonction ? )


MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\CTsvcCDA.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\RTHDCPL.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Wireless Console 2\wcourier.exe
C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe
C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe
C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe
C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe
C:\WINDOWS\sm56hlpr.exe
D:\LecteurMP3\iTunes\iTunesHelper.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
C:\Program Files\SMSC\Seticon.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE
C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe
C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\Hcontrol.exe
C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Spybot S&D\TeaTimer.exe
C:\WINDOWS\ATKOSD.exe
D:\Divers\deamon tools\DAEMON Tools\daemon.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\Java\jre1.5.0_06\bin\jucheck.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\Program Files\MSN Messenger\msnmsgr.exe
D:\Mozilla\Firefox\Mozilla Firefox\firefox.exe
D:\Divers\HiJack\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://televisionsurpc.neuf.fr/index.html
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = 172.31.15.254:8080
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = Liens
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - c:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Wireless Console 2] C:\Program Files\Wireless Console 2\wcourier.exe
O4 - HKLM\..\Run: [IntelZeroConfig] "C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe"
O4 - HKLM\..\Run: [IntelWireless] "C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" /tf Intel PROSet/Wireless
O4 - HKLM\..\Run: [EOUApp] "C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe"
O4 - HKLM\..\Run: [Power_Gear] C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe 1
O4 - HKLM\..\Run: [ASUS Live Update] C:\Program Files\ASUS\ASUS Live Update\ALU.exe
O4 - HKLM\..\Run: [ABLKSR] C:\WINDOWS\ABLKSR\ABLKSR.exe
O4 - HKLM\..\Run: [SMSERIAL] sm56hlpr.exe
O4 - HKLM\..\Run: [iTunesHelper] "D:\LecteurMP3\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe
O4 - HKLM\..\Run: [DXM6Patch_981116] C:\WINDOWS\p_981116.exe /Q:A
O4 - HKLM\..\Run: [SetIcon] \Program Files\SMSC\Seticon.exe
O4 - HKLM\..\Run: [CTDVDDET] "C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE"
O4 - HKLM\..\Run: [CTSysVol] C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe /r
O4 - HKLM\..\Run: [CTPCMCIASBUtility] C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe
O4 - HKLM\..\Run: [AudioDrvEmulator] "C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" -1 AudioDrvEmulator "C:\Program Files\Creative\Shared Files\Module Loader\Audio Emulator\AudDrvEm.dll"
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [HControl] C:\WINDOWS\Hcontrol.exe
O4 - HKLM\..\Run: [avgnt] "C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" /min
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot S&D\TeaTimer.exe
O4 - HKCU\..\Run: [DAEMON Tools] "D:\Divers\deamon tools\DAEMON Tools\daemon.exe" -lang 1033
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE LOCAL')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SERVICE RÉSEAU')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - Startup: Adobe Gamma.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: ASUS ChkMail.lnk = C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe
O4 - Global Startup: Bluetooth Manager.lnk = ?
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Console Java (Sun) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\MICROS~1\Office12\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O14 - IERESET.INF: START_PAGE_URL=http://www.asus.com
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/su2/CTL_V02002/ocx/15031/CTPID....
O21 - SSODL: WinChk - {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll (file missing)
O21 - SSODL: zip - {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll (file missing)
O23 - Service: AntiVir PersonalEdition Classic Scheduler (AntiVirScheduler) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\sched.exe
O23 - Service: AntiVir PersonalEdition Classic Guard (AntiVirService) - Avira GmbH - C:\Program Files\Avira\AntiVir PersonalEdition Classic\avguard.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ##Id_String1.6844F930_1628_4223_B5CC_5BB94B879762## (Bonjour Service) - Apple Computer, Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Fichiers communs\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Fichiers communs\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: Intel(R) PROSet/Wireless Service (S24EventMonitor) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
O23 - Service: Sandra Data Service (SandraDataSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcDataSrv.exe
O23 - Service: Sandra Service (SandraTheSrv) - SiSoftware - D:\Divers\Sandra\SiSoftware Sandra Lite 2005.SR3\RpcSandraSrv.exe

--
End of file - 10163 bytes

Refais un scan Combofix.

D'accord, voilà le rapport :

ComboFix 08-03-14.4 - Gium 2008-03-19 22:08:28.2 - FAT32x86
Microsoft Windows XP Édition familiale 5.1.2600.2.1252.1.1036.18.1516 [GMT 1:00]
Endroit: D:\Divers\ComboFix.exe

AVERTISSEMENT - LA CONSOLE DE RÉCUPÉRATION N'EST PAS INSTALLÉE SUR CETTE MACHINE !!
.

((((((((((((((((((((((((((((( Fichiers créés 2008-02-19 to 2008-03-19 ))))))))))))))))))))))))))))))))))))
.

2008-03-18 23:24 . 2008-03-18 23:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Talkback
2008-03-18 22:40 . 2006-07-12 15:37 <REP> d-------- C:\Documents and Settings\Administrateur\WINDOWS
2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage réseau
2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Voisinage d'impression
2008-03-18 22:40 . 2006-07-12 14:59 <REP> d--h----- C:\Documents and Settings\Administrateur\Modèles
2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Mes documents
2008-03-18 22:40 . 2006-07-12 14:59 <REP> dr------- C:\Documents and Settings\Administrateur\Menu Démarrer
2008-03-18 22:40 . 2006-07-12 15:13 <REP> dr------- C:\Documents and Settings\Administrateur\Favoris
2008-03-18 22:40 . 2006-07-12 14:59 <REP> d-------- C:\Documents and Settings\Administrateur\Bureau
2008-03-18 22:40 . 2006-07-12 15:24 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Symantec
2008-03-18 22:40 . 2006-07-12 15:35 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\Intel
2008-03-18 22:40 . 2006-07-12 15:38 <REP> d-------- C:\Documents and Settings\Administrateur\Application Data\ATI
2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\Program Files\Avira
2008-03-18 22:33 . 2008-03-18 22:33 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Avira
2008-03-16 13:15 . 2005-10-09 21:14 53,248 --a------ C:\WINDOWS\system32\SanCpl.cpl
2008-03-13 16:21 . 2008-03-13 16:21 <REP> d-------- C:\Documents and Settings\Gium\.housecall6.6
2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settingsbkup.sfm
2008-03-13 14:28 . 2008-03-13 16:34 588 --a------ C:\WINDOWS\system32\settings.sfm
2008-03-12 08:02 . 2008-03-12 08:02 <REP> d--hs---- C:\FOUND.006
2008-03-09 20:26 . 2008-03-09 20:26 1 --a------ C:\WINDOWS\system32\SI.bin
2008-03-01 12:33 . 2008-03-01 12:33 <REP> d--hs---- C:\FOUND.005
2008-02-27 22:14 . 2008-02-27 22:14 58,652 --a------ C:\Program Files\AMVapp-uninst.exe
2008-02-24 19:14 . 2008-02-24 19:14 <REP> d-------- C:\Program Files\Morgan
2008-02-24 19:14 . 2008-02-24 19:14 53,248 --a------ C:\WINDOWS\system32\DivXAF.ax
2008-02-22 19:19 . 2008-03-12 20:43 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-22 19:19 . 2008-02-22 19:19 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-21 16:10 . 2008-02-21 16:10 <REP> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\FLEXnet
2008-02-21 15:56 . 2007-02-20 16:04 2,463,976 --a------ C:\WINDOWS\system32\NPSWF32.dll
2008-02-21 15:56 . 2007-02-20 16:04 190,696 --a------ C:\WINDOWS\system32\NPSWF32_FlashUtil.exe
2008-02-21 15:46 . 2008-02-21 15:46 <REP> d-------- C:\Program Files\Bonjour
2008-02-21 15:41 . 2008-02-21 15:41 <REP> d-------- C:\Program Files\Fichiers communs\Macrovision Shared
2008-02-19 10:45 . 2008-02-19 10:45 <REP> d-------- C:\Documents and Settings\Gium\Application Data\MAGIX

.
(((((((((((((((((((((((((((((((((( Compte-rendu de Find3M ))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-09 19:30 98,304 ----a-w C:\WINDOWS\system32\CmdLineExt.dll
2008-03-05 09:54 102,400 ----a-w C:\WINDOWS\DUMP82dc.tmp
2008-02-27 21:14 35,365 ----a-w C:\WINDOWS\system32\uninstHelixYUV.exe
2008-02-18 12:07 --------- d-----w C:\Program Files\ffdshow
2008-02-18 12:01 --------- d-----w C:\Program Files\AMVapp
2008-02-17 18:59 --------- d-----w C:\Program Files\Fichiers communs\MAGIX Shared
2008-02-16 21:11 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle VideoSpin
2008-02-16 20:17 --------- d-----w C:\Program Files\MSBuild
2008-02-16 20:17 --------- d-----w C:\Program Files\Microsoft Works
2008-02-16 20:15 --------- d-----w C:\Program Files\Microsoft.NET
2008-02-16 20:12 --------- d-----w C:\Program Files\Microsoft Visual Studio 8
2008-02-16 17:09 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\VideoSpin
2008-02-16 17:07 --------- d-----w C:\DOCUME~1\ALLUSE~1\APPLIC~1\Pinnacle
2008-02-14 12:36 102,400 ----a-w C:\WINDOWS\DUMP96a3.tmp
2008-02-10 13:47 102,400 ----a-w C:\WINDOWS\DUMP8193.tmp
2008-02-06 19:40 --------- d-----w C:\Documents and Settings\Gium\Application Data\InstallShield
2008-01-26 10:39 --------- d-----w C:\Documents and Settings\Gium\Application Data\.purple
2008-01-25 23:19 139,264 ----a-w C:\WINDOWS\War3Unin.exe
2008-01-25 19:35 25,280 ----a-w C:\WINDOWS\system32\drivers\hamachi.sys
2008-01-20 15:36 --------- d-----w C:\Program Files\Common Files
2008-01-09 18:43 43,520 ----a-w C:\WINDOWS\system32\CmdLineExt03.dll
2008-01-04 21:58 129,784 ------w C:\WINDOWS\system32\pxafs.dll
2008-01-04 21:58 120,056 ------w C:\WINDOWS\system32\pxcpyi64.exe
2008-01-04 21:58 118,520 ------w C:\WINDOWS\system32\pxinsi64.exe
2008-01-04 21:56 156,992 ----a-w C:\WINDOWS\system32\DivXCodecVersionChecker.exe
2006-05-24 09:46 21,552 ----a-w C:\WINDOWS\inf\usbstor.sys
2005-10-13 20:27 422,400 --sha-r C:\WINDOWS\x2.64.exe
2005-05-13 16:12 217,073 --sha-r C:\WINDOWS\meta4.exe
2005-10-24 10:13 66,560 --sha-r C:\WINDOWS\MOTA113.exe
2005-10-07 18:14 308,224 --sha-r C:\WINDOWS\system32\avisynth.dll
2005-02-28 12:16 240,128 --sha-r C:\WINDOWS\system32\x.264.exe
2005-07-14 11:31 27,648 --sha-r C:\WINDOWS\system32\AVSredirect.dll
2005-06-26 14:32 616,448 --sha-r C:\WINDOWS\system32\cygwin1.dll
2005-06-21 21:37 45,568 --sha-r C:\WINDOWS\system32\cygz.dll
2006-04-27 09:24 2,945,024 --sha-r C:\WINDOWS\system32\Smab.dll
.

((((((((((((((((((((((((((((( snapshot@2008-03-17_13.41.39,65 )))))))))))))))))))))))))))))))))))))))))
.
+ 2007-08-09 12:04:12 40,768 ----a-w C:\WINDOWS\system32\drivers\avgntdd.sys
+ 2007-07-18 13:22:20 21,312 ----a-w C:\WINDOWS\system32\drivers\avgntmgr.sys
+ 2008-03-18 21:35:00 61,632 ----a-w C:\WINDOWS\system32\drivers\avipbb.sys
+ 2007-03-01 09:34:38 28,352 ----a-w C:\WINDOWS\system32\drivers\ssmdrv.sys
.
((((((((((((((((((((((((((((((((( Point de chargement Reg )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
REGEDIT4
*Note* les éléments vides & les éléments initiaux légitimes ne sont pas listés

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-05 14:00 15360]
"SpybotSD TeaTimer"="C:\Program Files\Spybot S&D\TeaTimer.exe" [2005-05-31 01:04 1415824]
"DAEMON Tools"="D:\Divers\deamon tools\DAEMON Tools\daemon.exe" [2007-04-03 23:29 165784]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"ATICCC"="C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 17:41 45056]
"RTHDCPL"="RTHDCPL.EXE" [2005-09-06 08:39 14850560 C:\WINDOWS\RTHDCPL.EXE]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2005-10-21 02:26 761945]
"Wireless Console 2"="C:\Program Files\Wireless Console 2\wcourier.exe" [2005-10-17 17:09 987136]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2006-04-14 11:51 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2006-04-14 11:52 602182]
"EOUApp"="C:\Program Files\Intel\Wireless\Bin\EOUWiz.exe" [2006-04-14 11:56 569413]
"Power_Gear"="C:\Program Files\ASUS\Power4 Gear\BatteryLife.exe" [2006-03-06 17:13 86016]
"ASUS Live Update"="C:\Program Files\ASUS\ASUS Live Update\ALU.exe" [2006-02-21 15:20 180224]
"ABLKSR"="C:\WINDOWS\ABLKSR\ABLKSR.exe" [2006-01-02 21:14 61440]
"SMSERIAL"="sm56hlpr.exe" [2005-05-26 19:12 544768 C:\WINDOWS\sm56hlpr.exe]
"iTunesHelper"="D:\LecteurMP3\iTunes\iTunesHelper.exe" [2006-09-12 00:58 229952]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-09-01 15:57 282624]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_06\bin\jusched.exe" [2005-11-10 13:03 36975]
"DXM6Patch_981116"="C:\WINDOWS\p_981116.exe" [1998-11-30 18:04 497376]
"SetIcon"="\Program Files\SMSC\Seticon.exe" [2004-01-30 09:03 46080]
"CTDVDDET"="C:\Program Files\Creative\Sound Blaster Audigy 2\DVDAudio\CTDVDDET.EXE" [2003-06-18 01:00 45056]
"CTSysVol"="C:\Program Files\Creative\Sound Blaster Audigy 2\Surround Mixer\CTSysVol.exe" [2005-10-31 10:51 57344]
"CTPCMCIASBUtility"="C:\Program Files\Creative\Sound Blaster Audigy 2\PCMCIA Sound Blaster Utility\CTSBUtl.exe" [2005-09-05 11:24 147456]
"AudioDrvEmulator"="C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe" [2005-11-04 18:07 49152]
"CTHelper"="CTHELPER.EXE" [2005-12-08 05:06 16384 C:\WINDOWS\CTHELPER.EXE]
"HControl"="C:\WINDOWS\Hcontrol.exe" [2002-01-08 15:22 53248]
"avgnt"="C:\Program Files\Avira\AntiVir PersonalEdition Classic\avgnt.exe" [2008-03-18 22:35 249896]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-05 14:00 15360]

C:\Documents and Settings\Gium\Menu D‚marrer\Programmes\D‚marrage\
Adobe Gamma.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

C:\DOCUME~1\ALLUSE~1\MENUD~1\PROGRA~1\DMARR~1\
ASUS ChkMail.lnk - C:\Program Files\ASUS\Asus ChkMail\ChkMail.exe [2006-07-12 15:37:26 32768]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng1.exe [2005-06-16 11:11:42 49152]
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 04:44:06 29696]
Adobe Gamma Loader.lnk - C:\Program Files\Fichiers communs\Adobe\Calibration\Adobe Gamma Loader.exe [2006-09-29 21:27:12 113664]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"WinChk"= {8135cb9a-a438-4584-a0e9-e80da2aed747} - C:\WINDOWS\Installer\{8135cb9a-a438-4584-a0e9-e80da2aed747}\WinChk.dll [ ]
"zip"= {60726ae1-4782-493b-9498-e944722d7c24} - C:\WINDOWS\Installer\{60726ae1-4782-493b-9498-e944722d7c24}\zip.dll [ ]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\MSMSGS.EXE"=
"D:\\LecteurMP3\\iTunes\\iTunes.exe"=
"D:\\Kraland\\mIRC\\mirc.exe"=
"D:\\P2P\\Azureus\\Azureus.exe"=
"D:\\Jeux\\Blobby volley\\volley.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"D:\\MicrosoftOffice\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"15858:TCP"= 15858:TCP:NortonAV
"17461:TCP"= 17461:TCP:NortonAV
"16841:TCP"= 16841:TCP:NortonAV

S3 cdrmkaun;cdrmkaun;C:\DOCUME~1\Gium\LOCALS~1\Temp\cdrmkaun.sys []
S3 NSNDIS5;NSNDIS5 NDIS Protocol Driver;C:\WINDOWS\system32\NSNDIS5.SYS [2004-03-24 03:12]
S3 PCASp50;PCASp50 NDIS Protocol Driver;C:\WINDOWS\system32\Drivers\PCASp50.sys [2005-11-19 02:13]
S3 PEEK5;PEEK5 Protocol Driver;D:\ADSL\Aircrack\AIRCRA~1.1\bin\PEEK5.SYS []

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{0b5c8d20-575e-11db-9799-0013023ce91f}]
\Shell\Auto\command - bittorrent.exe e
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL bittorrent.exe e

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{6dcaad08-bee3-11dc-9a2c-0013023ce91f}]
\Shell\AutoRun\command - E:\wd_windows_tools\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e72dc21e-6e69-11db-9812-0013023ce91f}]
\Shell\AutoRun\command - F:\LaunchU3.exe

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-19 22:11:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

Balayage processus cachés ...

Balayage caché autostart entries ...

Balayage des fichiers cachés ...

Scan terminé avec succès
Les fichiers cachés: 0

**************************************************************************
.
Temps d'accomplissement: 2008-03-19 22:11:50
ComboFix-quarantined-files.txt 2008-03-19 21:11:48
ComboFix2.txt 2008-03-17 12:41:58

Re,

[#ff0000]Désactive tes protections résidentes (antivirus...) ![/#f]
Copie (Ctrl+C) le texte se situant dans le cadre ci-dessous :



Ouvre le Bloc-Notes puis colle (Ctrl+V) le texte précedemment copié.
Sauvegarde ce fichier sous le nom de CFScript.txt.

Glisse maintenant le fichier CFScript.txt dans Combofix.exe comme ci-dessous :


Cela va relancer Combofix, tape sur 1 puis valide. Après redémarrage, poste le contenu du rapport Combofix.txt accompagné d'un rapport Hijackthis.
[#ff0000]NOTE : S'il n'y a pas de rédémarrage, poste quand même les rapports demandés.[/#f]

Voilà les rapports (en quote pour plus de lisibilité) :

ComboFix :


HiJackThis:


C'est en bonne voie ? Je suis pas trop infecté ? Je me rends pas bien compte ...

Tu as le même problème ?

Non, j'ai l'impression que c'est passé.

Merci beaucoup  

Pour ne pas revenir déranger, je (re) demande, il n'y a pas de topic explicatif sur les scans, leurs effets, les effets de comboFix, toussa, pour qu'on puisse essayer de se dépatouiller seul ?

Y a t-il de bon site pour apprendre ca sinon ? Ou des tutoriaux ?

Non  
Faut lire, lire et lire.

Oki .... Bon bah merci et puis je vais tenter de m'instruire  

Bonne continuation.